Bitcoin-based decentralised finance platform Solv Protocol said one of its token vaults was exploited for about $2.7 million and offered the attacker a 10% bounty to return the stolen funds.
The project said fewer than 10 users were affected and confirmed it would cover losses totaling 38.05 SolvBTC, a Bitcoin-pegged token used within its ecosystem.
Solv said it is investigating the exploit alongside security firms Hypernative Labs, SlowMist and CertiK.
Security researchers said the attacker exploited a vulnerability in a smart contract that allowed excessive minting of tokens used in the protocol.
According to CD Security co-founder Chris Dior, the hacker triggered the vulnerability 22 times before swapping the newly minted tokens for just over 38 SolvBTC.
Pseudonymous researcher Pyro said the attack resembled a re-entrancy exploit, a well-known smart contract vulnerability that has affected several DeFi platforms.
Solv has published an Ethereum wallet address inviting the attacker to claim a 10% bounty if the stolen funds are returned.
At the time of reporting, Bitcoin price was $70,589.42.